Fieldbus Systems Part 1: Ethernet & Internet Protocol


Fieldbus Systems Part 1: Ethernet & Internet Protocol

Gerhard Rücklé
Department of Electrical Engineering and Information Technology (Fachbereich Elektrotechnik und Informationstechnik)
Hochschule Darmstadt University of Applied Sciences
Lab engineer: Günter Trautmann
Lab engineer: Heribert Weinerth
Registration: https://www.dr.eit.h-da.de
March 27

© Gerhard Rücklé, Hochschule Darmstadt University of Applied Sciences. Foils: Fieldbus Systems

General

The lab has several networks, in particular a dedicated test network, so that the experiments do not disturb the normal (lab) network traffic.

[Figure: lab network and test network. Labels: Lab Network, Test Network, nwlab, nwgate, nwlab2, nwgate2, ldr, ldr2, ldr3, ldr4, ldr5, lnw, lnw2, lnw3, lnw4, lnw5]

The host nwgate is equipped with two network cards and acts as the gateway between the normal lab network and the test network. All hosts and routers run Linux. The hosts and routers are configured on the command line, i.e. not with graphical tools. Many of the commands used in this experiment are also available under Windows ("command prompt"), possibly with slightly different syntax or command names (e.g. ping, route, telnet, ...), or can be obtained via (freeware Unix tools for Windows).

On the host nwgate2 you have full superuser rights (login: root, the password is announced in the lab). Please use the access to nwgate2 with care. Take particular care when configuring nwgate2, because all groups work on this host in parallel (there is only one routing table) and each group can change the configuration of the others.

Your normal files from the workstations are mounted on the host nwgate via a network file system. On nwgate you have no superuser rights and must use the same login as for your lab access at the workstation.

For documentation, you can print directly from the test network (mpage, a2ps), or copy output via cut-and-paste between the application windows into an editor and print it from there (e.g. in the emacs editor: File, Print, Postscript Buffer). You can also have these data files copied to a memory stick for documentation purposes.

The commands you will mainly need:

- To view the manual pages of the Linux commands: man
- For access to nwgate and nwgate2: ssh
- For access to the routers: telnet
- For printing: a2ps or mpage (router only)
- For editing and documenting, an editor, e.g.: emacs
- If needed, for copying files between the hosts: scp

The complete manual pages of the most important commands are listed in the appendix. You will need only a few of the options of these commands.

Some examples:

man ping

Shows the manual pages of the ping program. Page with the space bar (forward) and b (backward); q quits.

ping nwgate2

Tests the network connection to the host nwgate2 using ICMP echo request/reply. Most commands and programs (with exceptions such as ssh, telnet and editors) can be aborted with ^C (Control-C).

ssh -X

Creates a secure (encrypted) connection to the host nwgate2 as the user root, allows commands to be entered on this remote host, and also enables the X Window remote display feature. ssh can be terminated directly with the sequence ~. (tilde, period). Control-C of course does not act on the secure shell itself but on the program running on the remote host (transparent connection)!

route -n | mpage
route -n | a2ps

Lists the routing table (-n prevents the resolution of IP addresses to names) and passes this list on (pipe symbol |) to the command mpage or a2ps for printing.

Network lab environment

Notes on the router network configuration:

Each group has two routers. All routers are equipped with two network interfaces (designated eth and eth):

- eth: only on connector P
- eth: connectors P2..P8 (hub)

Contact with the router (e.g. H77) must be established using telnet, because the routers do not support ssh:

telnet

telnet can be terminated directly with the key sequence Control-] followed by the command quit. Typing Control-C here aborts a program on the remote host and not the local telnet!

Stickers on the routers give the initial IP addresses. If you can no longer reach the routers because of a misconfiguration, the only remedy is pulling the power plug/reboot.

Please check carefully that you are connected to the correct router next to your workstation, because all of them are reachable over the network! For easy identification, the name of the router ends with the last byte of the initial (printed) IP address. So if the IP address is , the router is called something like H77. This name of course does not change when you configure the interface differently.

For testing, and on the routers themselves, you will need the following commands:

- To configure the network interface: ifconfig
- For the ARP table: arp
- For the routing table: route
- To display the network traffic: tcpdump
- For testing: ping

Again some examples:

ifconfig eth
ifconfig eth | mpage

Shows the parameters of the network interface eth; the second line sends them to the printer.

arp -n

Shows the ARP table (-n means without name resolution).

ifconfig eth netmask broadcast

Configures the interface eth. In doing so, all ARP and routing entries belonging to this interface are deleted, and a single new entry for the local /6 network is created in the routing table (6 bit host address).

tcpdump -i eth icmp and host

Shows the network traffic of the interface eth (-i eth), restricted to the ICMP protocol and to IP packets going from or to the IP address (host ). (Almost) any program can be aborted with Control-C on the keyboard.

The following figure shows the configuration with the two routers. It should be reached at the end of the tasks:

[Figure: target configuration with two routers. Labels: Lab Network, nwlab, nwlab2, nwgate, nwgate2, ldr, ldr2, ldr3, ldr4, ldr5, Lab Workstations, lab network /8, test network / *, Router (92+x), Router 2, .y..., .y..2, private network .y../]

Tasks

Task : Router configuration

Please note the following points:

- An IP address must be unique (present only once) in the network. A ping to the new address, sent before the configuration, provides clarity here.
- A missing reply from your router to ping or telnet usually does not mean that it has crashed, but rather that either the IP address was already taken, or there is no route to the router or from the router to your host (wrong routing table entries, or entries deleted by reconfiguring the interface).
- After pulling the power plug and rebooting, it naturally takes about one minute until the router is online again. It then has the old address again, as printed on the housing.
- A telnet connection from the workstations ldr z to the routers needs, besides the entry on your lab host (which is actually always present), a route entry on the router for the return path of your packet through the gateway host nwgate. That is, after reconfiguring the interface concerned, contact with your lab host will no longer be possible. From nwgate/2 these problems do not occur, because the new router address is still part of the local test network ( /8).
- You can be logged in several times on all hosts and routers, i.e. have several telnet or ssh sessions.
- When booting, the routers fetch various programs over the network from the hosts nwgate/2. For this it is essential that connector P of the routers is connected to the lab network during booting. Otherwise you will be missing important programs.

Your report should contain the answers to the questions asked and all documentation data: the (tcpdump/ping/arp/routing) logs and entries, separated by task item. These can be copied via cut-and-paste from a terminal window into an editor and then printed or copied to a data carrier (memory stick). Please always save the data in the editor right away (file-save), otherwise something may be lost.

Assignment:

a. As part of your IP addresses you will need the following values: z = host number, x = z + 33, y = login number. Suppose you have the login fbs43 and are at the workstation ldr5. This gives: z = 5, x = 5 + 33 = 38, y = 43.

Question a.: What would happen if you gave a router the same IP address that another router already has?

b. Router interface eth configuration: Of your routers, take the one with the smallest address and check whether P is connected to the test network. Then connect via telnet from your workstation (AP) to the router. You will find the address on the router housing. Leave the telnet session with Control-]. Document these initial settings of eth and of eth.

Question b.: Why is the counter for received packets of eth (RX packets) at zero, but not that of eth?

c. Router interface eth configuration: Now configure the network interface eth (connectors P2..P8) to the address .y.. with a range of 9 bit host addresses. Document the settings of both interfaces. Now start tcpdump on the router for the interface eth (do not forget the filter expression, otherwise you will see everything). Document the reception of some ICMP packets (ping) for your interface eth from nwlab. Try

ping .y..

Question c.: Why does this not work from your workstation ldr z, nor from any other host except the router itself?

d. Router 2 eth configuration: Now configure the second router (larger initial IP address). The network interface eth (connector P) is to get the new address (92 + x). Why is the connection dead immediately after the reconfiguration? Test the reachability of the new IP address using ping.

Question d.: Why does this not work from the AP host ldr z, but does work from nwgate or nwgate2? Document the interface setting of eth.

e. Router 2 eth configuration: Now give the interface eth the address .y..2, also with 9 bit host addresses, and connect the two routers. Test the reachability from the first router with ping:

ping .y..
ping .y..2

Question e.: Which of the two ping commands above cannot be seen with tcpdump on the second router, and why? Document the ARP traffic (not just the ARP table!) and one ICMP echo request/reply pair (hint: delete the ARP entries with arp -d ...).

f. Routing table of the routers: To ldr z: On your AP host ldr z, issue a ping to (92 + x). Document what is displayed.

Question f.: Explain what you see with tcpdump (started on the router/eth). Create entries on the routers so that the ping then works. Document the routing table of the routers.

g. Routing table of nwgate2: Now test from nwgate2 the reachability of your small er network.

ping .y..
ping .y..2

Question g.: Does it work immediately? Why, or why not? If necessary, create the corresponding entries and document the ICMP traffic. Also document the ARP traffic to your routers.

Question g.2: Why is the ARP request not made for an address from the er network?

When configuring the routing table in nwgate2, please keep in mind that a wrong netmask can paralyze the entire traffic (including that of other groups).

h. Extra : On Router, Router2 and nwgate2, create the routing entries such that the interface eth of Router with its address is not reachable directly via the test network, but all packets run via Router2. This can be demonstrated with tcpdump, but also by unplugging the network cable to P of Router after the configuration is complete. The interface with its * address must then still be reachable from nwgate2 (e.g. with ping, telnet).

i. Extra 2: Connect your routers in the er network with those of the neighbouring groups and change the netmask and the routing tables such that all of them are reachable.

ATTENTION: Before configuring nwlab2, please ask and have the correctness checked, because wrong entries cause problems for other groups!
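The netmask arithmetic behind the ifconfig step ("9 bit host addresses") and the effect of a wrong netmask in the shared routing table of nwgate2, as an added example that is not part of the original lab sheet. All addresses (10.43.0.1, 172.16.0.0/16, the router addresses) and all function names are constructed for illustration; the lookup models longest-prefix-match route selection.

```python
import ipaddress

# All addresses below are constructed sample values, not the lab's real ones.
TEST_NET = "172.16.0.0/16"   # assumed directly connected test network
ROUTER_A = "172.16.0.38"     # assumed test-network address of group A's router
ROUTER_B = "172.16.0.39"     # assumed test-network address of group B's router


def iface_params(address, host_bits):
    """Netmask, broadcast and connected network for an interface address
    with `host_bits` bits of host part (the values ifconfig is given)."""
    iface = ipaddress.ip_interface(f"{address}/{32 - host_bits}")
    net = iface.network
    return {
        "netmask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "network": str(net),
    }


def add_route(table, cidr, via):
    """Return a new table with the route appended (input is not modified)."""
    return table + [(ipaddress.ip_network(cidr), via)]


def lookup(table, destination):
    """Longest-prefix match: the most specific covering route wins.
    Returns the next hop, or None when no route covers the destination."""
    dst = ipaddress.ip_address(destination)
    best = None
    for net, via in table:
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via)
    return best[1] if best else None


def conflicts(table, cidr):
    """Existing routes whose address range overlaps the candidate route.
    A non-empty result is the reason to ask before adding the entry."""
    candidate = ipaddress.ip_network(cidr)
    return [str(net) for net, _ in table if net.overlaps(candidate)]


def gateway_table():
    """Shared gateway: connected test network plus one /23 per group."""
    table = add_route([], TEST_NET, "on-link")
    table = add_route(table, iface_params("10.43.0.1", 9)["network"], ROUTER_A)
    table = add_route(table, iface_params("10.44.0.1", 9)["network"], ROUTER_B)
    return table


if __name__ == "__main__":
    # 9 host bits -> /23: netmask 255.255.254.0, broadcast 10.43.1.255
    print(iface_params("10.43.0.1", 9))

    good = gateway_table()
    # Group A enters its route with an 8-bit mask instead of 23 bits.
    bad = add_route(good, "10.0.0.0/8", ROUTER_A)
    for dst in ("10.44.0.2", "10.45.0.2", "172.16.0.39"):
        print(dst, "correct table:", lookup(good, dst),
              "| with /8 entry:", lookup(bad, dst))

    # Check a candidate entry against the table before adding it.
    print("overlaps:", conflicts(good, "10.0.0.0/8"))
```

With the /8 entry present, every address in 10.0.0.0/8 that has no more specific route of its own is forwarded to group A's router, which is how one group's entry affects the others.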

TCPDUMP()

NAME
    tcpdump - dump traffic on a network

SYNOPSIS
    tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -E algo:secret ] [ expression ]

DESCRIPTION
    Tcpdump prints out the headers of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -b flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

    Tcpdump will, if not run with the -c flag, continue capturing packets until it is interrupted by a SIGINT signal (generated, for example, by typing your interrupt character, typically control-C) or a SIGTERM signal (typically generated with the kill() command); if run with the -c flag, it will capture packets until it is interrupted by a SIGINT or SIGTERM signal or the specified number of packets have been processed.

    When tcpdump finishes capturing packets, it will report counts of:

    packets "received by filter" (the meaning of this depends on the OS on which you're running tcpdump, and possibly on the way the OS was configured - if a filter was specified on the command line, on some OSes it counts packets regardless of whether they were matched by the filter expression, and on other OSes it counts only packets that were matched by the filter expression and were processed by tcpdump);

    packets "dropped by kernel" (this is the number of packets that were dropped, due to a lack of buffer space, by the packet capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be reported as ).
    On platforms that support the SIGINFO signal, such as most BSDs, it will report those counts when it receives a SIGINFO signal (generated, for example, by typing your status character, typically control-T) and will continue capturing packets.

    Reading packets from a network interface may require that you have special privileges:

    Under SunOS 3.x or 4.x with NIT or BPF: You must have read access to /dev/nit or /dev/bpf*.
    Under Solaris with DLPI: You must have read/write access to the network pseudo device, e.g. /dev/le. On at least some versions of Solaris, however, this is not sufficient to allow tcpdump to capture in promiscuous mode; on those versions of Solaris, you must be root, or tcpdump must be installed setuid to root, in order to capture in promiscuous mode.
    Under HP-UX with DLPI: You must be root or tcpdump must be installed setuid to root.
    Under IRIX with snoop: You must be root or tcpdump must be installed setuid to root.
    Under Linux: You must be root or tcpdump must be installed setuid to root.
    Under Ultrix and Digital UNIX: Once the super-user has enabled promiscuous-mode operation using pfconfig(8), any user may capture network traffic with tcpdump.
    Under BSD: You must have read access to /dev/bpf*.

    Reading a saved packet file doesn't require special privileges.

OPTIONS
    -a    Attempt to convert network and broadcast addresses to names.
    -c    Exit after receiving count packets.
    -C    Before writing a raw packet to a savefile, check whether the file is currently larger than file_size and, if so, close the current savefile and open a new one. Savefiles after the first savefile will have the name specified with the -w flag, with a number after it, starting at 2 and continuing upward. The units of file_size are millions of bytes (,, bytes, not,48,576 bytes).
    -d    Dump the compiled packet-matching code in a human readable form to standard output and stop.
    -dd   Dump packet-matching code as a C program fragment.
    -ddd  Dump packet-matching code as decimal numbers (preceded with a count).
    -e    Print the link-level header on each dump line.
    -E    Use algo:secret for decrypting IPsec ESP packets. Algorithms may be des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc, cast28-cbc, or none. The default is des-cbc. The ability to decrypt packets is only present if tcpdump was compiled with cryptography enabled. secret is the ascii text for the ESP secret key. We cannot take arbitrary binary value at this moment. The option assumes RFC246 ESP, not RFC827 ESP. The option is only for debugging purposes, and the use of this option with a truly secret key is discouraged. By presenting the IPsec secret key on the command line you make it visible to others, via ps() and other occasions.
    -f    Print foreign internet addresses numerically rather than symbolically (this option is intended to get around serious brain damage in Sun's yp server; usually it hangs forever translating nonlocal internet numbers).
    -F    Use file as input for the filter expression. An additional expression given on the command line is ignored.
    -i    Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback). Ties are broken by choosing the earliest match. On Linux systems with 2.2 or later kernels, an interface argument of any can be used to capture packets from all interfaces. Note that captures on the any device will not be done in promiscuous mode.
    -l    Make stdout line buffered. Useful if you want to see the data while capturing it. E.g., "tcpdump -l | tee dat" or "tcpdump -l > dat & tail -f dat".
    -m    Load SMI MIB module definitions from file module. This option can be used several times to load several MIB modules into tcpdump.
    -n    Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
    -N    Don't print domain name qualification of host names. E.g., if you give this flag then tcpdump will print nic instead of nic.ddn.mil.
    -O    Do not run the packet-matching code optimizer. This is useful only if you suspect a bug in the optimizer.
    -p    Don't put the interface into promiscuous mode. Note that the interface might be in promiscuous mode for some other reason; hence, -p cannot be used as an abbreviation for ether host {local-hw-addr} or ether broadcast.
    -q    Quick (quiet?) output. Print less protocol information so output lines are shorter.

3January 2

    -R    Assume ESP/AH packets to be based on old specification (RFC825 to RFC829). If specified, tcpdump will not print the replay prevention field. Since there is no protocol version field in the ESP/AH specification, tcpdump cannot deduce the version of the ESP/AH protocol.
    -r    Read packets from file (which was created with the -w option). Standard input is used if file is -.
    -S    Print absolute, rather than relative, TCP sequence numbers.
    -s    Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96). 68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below). Packets truncated because of a limited snapshot are indicated in the output with [|proto], where proto is the name of the protocol level at which the truncation has occurred. Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering. This may cause packets to be lost. You should limit snaplen to the smallest number that will capture the protocol information you're interested in. Setting snaplen to means use the required length to catch whole packets.
    -T    Force packets selected by "expression" to be interpreted the specified type. Currently known types are cnfp (Cisco NetFlow protocol), rpc (Remote Procedure Call), rtp (Real-Time Applications protocol), rtcp (Real-Time Applications control protocol), snmp (Simple Network Management Protocol), vat (Visual Audio Tool), and wb (distributed White Board).
    -t    Don't print a timestamp on each dump line.
    -tt   Print an unformatted timestamp on each dump line.
    -ttt  Print a delta (in micro-seconds) between current and previous line on each dump line.
    -tttt Print a timestamp in default format proceeded by date on each dump line.
    -u    Print undecoded NFS handles.
    -v    (Slightly more) verbose output. For example, the time to live, identification, total length and options in an IP packet are printed. Also enables additional packet integrity checks such as verifying the IP and ICMP header checksum.
    -vv   Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.
    -vvv  Even more verbose output. For example, telnet SB ... SE options are printed in full. With -X telnet options are printed in hex as well.
    -w    Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option. Standard output is used if file is -.
    -x    Print each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed.
    -X    When printing hex, print ascii too. Thus if -x is also set, the packet is printed in hex/ascii. This is very handy for analysing new protocols. Even if -x is not also set, some parts of some packets may be printed in hex/ascii.

    expression
          selects which packets will be dumped. If no expression is given, all packets on the net will be dumped. Otherwise, only packets for which expression is true will be dumped.

          The expression consists of one or more primitives. Primitives usually consist of an id (name or number) preceded by one or more qualifiers. There are three different kinds of qualifier:

          type   qualifiers say what kind of thing the id name or number refers to. Possible types are host, net and port. E.g., 'host foo', 'net 28.3', 'port 2'. If there is no type qualifier, host is assumed.

          dir    qualifiers specify a particular transfer direction to and/or from id. Possible directions are src, dst, src or dst and src and dst. E.g., 'src foo', 'dst net 28.3', 'src or dst port ftp-data'. If there is no dir qualifier, src or dst is assumed. For null link layers (i.e. point to point protocols such as slip) the inbound and outbound qualifiers can be used to specify a desired direction.

          proto  qualifiers restrict the match to a particular protocol.
          Possible protos are: ether, fddi, tr, ip, ip6, arp, rarp, decnet, tcp and udp. E.g., 'ether src foo', 'arp net 28.3', 'tcp port 2'. If there is no proto qualifier, all protocols consistent with the type are assumed. E.g., 'src foo' means '(ip or arp or rarp) src foo' (except the latter is not legal syntax), 'net bar' means '(ip or arp or rarp) net bar' and 'port 53' means '(tcp or udp) port 53'.

          [fddi is actually an alias for ether; the parser treats them identically as meaning "the data link level used on the specified network interface". FDDI headers contain Ethernet-like source and destination addresses, and often contain Ethernet-like packet types, so you can filter on these FDDI fields just as with the analogous Ethernet fields. FDDI headers also contain other fields, but you cannot name them explicitly in a filter expression.

          Similarly, tr is an alias for ether; the previous paragraph's statements about FDDI headers also apply to Token Ring headers.]

          In addition to the above, there are some special primitive keywords that don't follow the pattern: gateway, broadcast, less, greater and arithmetic expressions. All of these are described below.

          More complex filter expressions are built up by using the words and, or and not to combine primitives. E.g., 'host foo and not port ftp and not port ftp-data'. To save typing, identical qualifier lists can be omitted. E.g., 'tcp dst port ftp or ftp-data or domain' is exactly the same as 'tcp dst port ftp or tcp dst port ftp-data or tcp dst port domain'.

          Allowable primitives are:

          dst host host
                 True if the IPv4/v6 destination field of the packet is host, which may be either an address or a name.

          src host host
                 True if the IPv4/v6 source field of the packet is host.

          host host
                 True if either the IPv4/v6 source or destination of the packet is host.
                 Any of the above host expressions can be prepended with the keywords, ip, arp, rarp, or ip6 as in:
                      ip host host
                 which is equivalent to:
                      ether proto \ip and host host
                 If host is a name with multiple IP addresses, each address will be checked for a match.

          ether dst ehost
                 True if the ethernet destination address is ehost. Ehost may be either a name from /etc/ethers or a number (see ethers(3n) for numeric format).

          ether src ehost
                 True if the ethernet source address is ehost.

          ether host ehost
                 True if either the ethernet source or destination address is ehost.

          gateway host
                 True if the packet used host as a gateway. I.e., the ethernet source or destination address was host but neither the IP source nor the IP destination was host. Host must be a name and must be found both by the machine's host-name-to-IP-address resolution mechanisms (host name file, DNS, NIS, etc.) and by the machine's host-name-to-Ethernet-address resolution mechanism (/etc/ethers, etc.). (An equivalent expression is
                      ether host ehost and not host host
                 which can be used with either names or numbers for host / ehost.) This syntax does not work in IPv6-enabled configuration at this moment.

          dst net net
                 True if the IPv4/v6 destination address of the packet has a network number of net. Net may be either a name from /etc/networks or a network number (see networks(4) for details).

          src net net
                 True if the IPv4/v6 source address of the packet has a network number of net.

          net net
                 True if either the IPv4/v6 source or destination address of the packet has a network number of net.

          net net mask netmask
                 True if the IP address matches net with the specific netmask. May be qualified with src or dst. Note that this syntax is not valid for IPv6 net.

          net net/len
                 True if the IPv4/v6 address matches net with a netmask len bits wide. May be qualified with src or dst.

          dst port port
                 True if the packet is ip/tcp, ip/udp, ip6/tcp or ip6/udp and has a destination port value of port. The port can be a number or a name used in /etc/services (see tcp(4p) and udp(4p)). If a name is used, both the port number and protocol are checked. If a number or ambiguous name is used, only the port number is checked (e.g., dst port 53 will print both tcp/login traffic and udp/who traffic, and port domain will print both tcp/domain and udp/domain traffic).

          src port port
                 True if the packet has a source port value of port.

          port port
                 True if either the source or destination port of the packet is port. Any of the above port expressions can be prepended with the keywords, tcp or udp, as in:
                      tcp src port port
                 which matches only tcp packets whose source port is port.

          less length
                 True if the packet has a length less than or equal to length. This is equivalent to:
                      len <= length.

          greater length
                 True if the packet has a length greater than or equal to length. This is equivalent to:
                      len >= length.

          ip proto protocol
                 True if the packet is an IP packet (see ip(4p)) of protocol type protocol.
                 Protocol can be a number or one of the names icmp, icmp6, igmp, igrp, pim, ah, esp, vrrp, udp, or tcp. Note that the identifiers tcp, udp, and icmp are also keywords and must be escaped via backslash (\), which is \\ in the C-shell. Note that this primitive does not chase the protocol header chain.

          ip6 proto protocol
                 True if the packet is an IPv6 packet of protocol type protocol. Note that this primitive does not chase the protocol header chain.

          ip6 protochain protocol
                 True if the packet is an IPv6 packet, and contains a protocol header with type protocol in its protocol header chain. For example,
                      ip6 protochain 6
                 matches any IPv6 packet with a TCP protocol header in the protocol header chain. The packet may contain, for example, an authentication header, routing header, or hop-by-hop option header, between the IPv6 header and the TCP header. The BPF code emitted by this primitive is complex and cannot be optimized by the BPF optimizer code in tcpdump, so this can be somewhat slow.

          ip protochain protocol
                 Equivalent to ip6 protochain protocol, but this is for IPv4.

          ether broadcast
                 True if the packet is an ethernet broadcast packet. The ether keyword is optional.

          ip broadcast
                 True if the packet is an IP broadcast packet. It checks for both the all-zeroes and all-ones broadcast conventions, and looks up the local subnet mask.

          ether multicast
                 True if the packet is an ethernet multicast packet. The ether keyword is optional. This is shorthand for ether[] &!=.

          ip multicast
                 True if the packet is an IP multicast packet.

          ip6 multicast
                 True if the packet is an IPv6 multicast packet.

          ether proto protocol
                 True if the packet is of ether type protocol. Protocol can be a number or one of the names ip, ip6, arp, rarp, atalk, aarp, decnet, sca, lat, mopdl, moprc, iso, stp, ipx, or netbeui. Note these identifiers are also keywords and must be escaped via backslash (\).
                 [In the case of FDDI (e.g., 'fddi protocol arp') and Token Ring (e.g., 'tr protocol arp'), for most of those protocols, the protocol identification comes from the 82.2 Logical Link Control (LLC) header, which is usually layered on top of the FDDI or Token Ring header.

                 When filtering for most protocol identifiers on FDDI or Token Ring, tcpdump checks only the protocol ID field of an LLC header in so-called SNAP format with an Organizational Unit Identifier (OUI) of x, for encapsulated Ethernet; it doesn't check whether the packet is in SNAP format with an OUI of x.

                 The exceptions are iso, for which it checks the DSAP (Destination Service Access Point) and SSAP (Source Service Access Point) fields of the LLC header, stp and netbeui, where it checks the DSAP of the LLC header, and atalk, where it checks for a SNAP-format packet with an OUI of x87 and the Appletalk etype.

                 In the case of Ethernet, tcpdump checks the Ethernet type field for most of those protocols; the exceptions are iso, sap, and netbeui, for which it checks for an 82.3 frame and then checks the LLC header as it does for FDDI and Token Ring, atalk, where it checks both for the Appletalk etype in an Ethernet frame and for a SNAP-format packet as it does for FDDI and Token Ring, aarp, where it checks for the Appletalk ARP etype in either an Ethernet frame or an 82.2 SNAP frame with an OUI of x, and ipx, where it checks for the IPX etype in an Ethernet frame, the IPX DSAP in the LLC header, the 82.3 with no LLC header encapsulation of IPX, and the IPX etype in a SNAP frame.]

          decnet src host
                 True if the DECNET source address is host, which may be an address of the form .23, or a DECNET host name. [DECNET host name support is only available on Ultrix systems that are configured to run DECNET.]

FireRack. Network Monitoring and Troubleshooting Guide. Revision: rfs-051208-1

FireRack. Network Monitoring and Troubleshooting Guide. Revision: rfs-051208-1 FireRack Network Monitoring and Troubleshooting Guide Revision: rfs-051208-1 Table of Contents Introduction...3 FMS Traffic Statistics...4 Monitoring and packet sniffing tools...6 Examining Argus logs...13

More information

TCPdump Basics. TCPdump and WinDump are available at: http://www.tcpdump.org/ & http://windump.polito.it/

TCPdump Basics. TCPdump and WinDump are available at: http://www.tcpdump.org/ & http://windump.polito.it/ TCPdump Basics What we will cover: What is/are TCPdump/WinDump? Why use TCPdump? Installation of TCPdump on Unix/Windows It s installed, now what? Changing the amount of data collected Reading TCPdump/WinDump

More information

Introduction to Analyzer and the ARP protocol

Introduction to Analyzer and the ARP protocol Laboratory 6 Introduction to Analyzer and the ARP protocol Objetives Network monitoring tools are of interest when studying the behavior of network protocols, in particular TCP/IP, and for determining

More information

Unix System Administration

Unix System Administration Unix System Administration Chris Schenk Lecture 08 Tuesday Feb 13 CSCI 4113, Spring 2007 ARP Review Host A 128.138.202.50 00:0B:DB:A6:76:18 Host B 128.138.202.53 00:11:43:70:45:81 Switch Host C 128.138.202.71

More information

IAC-BOX Network Integration. IAC-BOX Network Integration IACBOX.COM. Version 2.0.1 English 24.07.2014

IAC-BOX Network Integration. IAC-BOX Network Integration IACBOX.COM. Version 2.0.1 English 24.07.2014 IAC-BOX Network Integration Version 2.0.1 English 24.07.2014 In this HOWTO the basic network infrastructure of the IAC-BOX is described. IAC-BOX Network Integration TITLE Contents Contents... 1 1. Hints...

More information

Kap. 2. Transport - Schicht

Kap. 2. Transport - Schicht Kap. 2 Transport - Schicht 2-2 Transport-Schicht Transport-Schicht: bietet eine logische Kommunikation zw. Anwendungen TCP: - Verbindungsorientiert mittels 3-Way-Handshake - zuverlässiger Datentransport

More information

Practical Network Forensics

Practical Network Forensics BCS-ISSG Practical Network Forensics Day BCS, London Practical Network Forensics Alan Woodroffe issg@securesystemssupport.co.uk www.securesystemssupport.co.uk Copyright Secure Systems Support Limited.

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

NTOP User s Guide Network Usage Monitor for Unix Systems

NTOP User s Guide Network Usage Monitor for Unix Systems NTOP User s Guide Network Usage Monitor for Unix Systems Version 1.1 1998-99, Luca Deri Every effort has been made to ensure that the information contained in this book is accurate. The

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information

quick documentation Die Parameter der Installation sind in diesem Artikel zu finden:

quick documentation Die Parameter der Installation sind in diesem Artikel zu finden: quick documentation TO: FROM: SUBJECT: ARND.SPIERING@AS-INFORMATIK.NET ASTARO FIREWALL SCAN MIT NESSUS AUS BACKTRACK 5 R1 DATE: 24.11.2011 Inhalt Dieses Dokument beschreibt einen Nessus Scan einer Astaro

More information

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik

Network Security. Chapter 3. Cornelius Diekmann. Version: October 21, 2015. Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Network Security Chapter 3 Cornelius Diekmann Lehrstuhl für Netzarchitekturen und Netzdienste Institut für Informatik Version: October 21, 2015 IN2101, WS 15/16, Network Security 1 Security Policies and

More information

2057-15. First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring

2057-15. First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring 2057-15 First Workshop on Open Source and Internet Technology for Scientific Environment: with case studies from Environmental Monitoring 7-25 September 2009 TCP/IP Networking Abhaya S. Induruwa Department

More information

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture Packet Capture Document Scope This solutions document describes how to configure and use the packet capture feature in SonicOS Enhanced. This document contains the following sections: Feature Overview

More information

Internetworking and IP Address

Internetworking and IP Address Lecture 8 Internetworking and IP Address Motivation of Internetworking Internet Architecture and Router Internet TCP/IP Reference Model and Protocols IP Addresses - Binary and Dotted Decimal IP Address

More information

PPS Internet-Praktikum. Prof. Bernhard Plattner Institut für Technische Informatik und Kommunikationsnetze (TIK)

PPS Internet-Praktikum. Prof. Bernhard Plattner Institut für Technische Informatik und Kommunikationsnetze (TIK) PPS Internet-Praktikum Prof. Bernhard Plattner Institut für Technische Informatik und Kommunikationsnetze (TIK) September 2011 Zielsetzung Von unserer Webpage: Das Ziel dieser PPS-Veranstaltung ist es,

More information

Themen der Praktikumsnachmittage. PPS Internet-Praktikum. Zielsetzung. Infrastruktur im ETF B5

Themen der Praktikumsnachmittage. PPS Internet-Praktikum. Zielsetzung. Infrastruktur im ETF B5 PPS Internet-Praktikum Prof. Bernhard Plattner Institut für Technische Informatik und Kommunikationsnetze (TIK) Themen der Praktikumsnachmittage Aufbau und Analyse eines kleinen Netzwerks Routing Anwendungen

More information

EE984 Laboratory Experiment 2: Protocol Analysis

EE984 Laboratory Experiment 2: Protocol Analysis EE984 Laboratory Experiment 2: Protocol Analysis Abstract This experiment provides an introduction to protocols used in computer communications. The equipment used comprises of four PCs connected via a

More information

Network Traffic Analysis

Network Traffic Analysis 2013 Network Traffic Analysis Gerben Kleijn and Terence Nicholls 6/21/2013 Contents Introduction... 3 Lab 1 - Installing the Operating System (OS)... 3 Lab 2 Working with TCPDump... 4 Lab 3 - Installing

More information

Introduction to Passive Network Traffic Monitoring

Introduction to Passive Network Traffic Monitoring Introduction to Passive Network Traffic Monitoring CS459 ~ Internet Measurements Spring 2015 Despoina Antonakaki antonakd@csd.uoc.gr Active Monitoring Inject test packets into the network or send packets

More information

IP Addressing and Subnetting. 2002, Cisco Systems, Inc. All rights reserved.

IP Addressing and Subnetting. 2002, Cisco Systems, Inc. All rights reserved. IP Addressing and Subnetting 2002, Cisco Systems, Inc. All rights reserved. 1 Objectives Upon completion, you will be able to: Discuss the Types of Network Addressing Explain the Form of an IP Address

More information

Quick Start Guide UTM 110/120

Quick Start Guide UTM 110/120 Quick Start Guide UTM 110/120 Sophos Access Points Sophos Access Points 1. Preparation Before you begin, please confirm that you have a working Internet connection & make sure you have the following items

More information

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP CSCE 515: Computer Network Programming TCP/IP IP Network Layer Wenyuan Xu Department of Computer Science and Engineering University of South Carolina IP Datagrams IP is the network layer packet delivery

More information

Laboratory work 4. Application of Windows OS Built-in Networks Diagnostic Tools

Laboratory work 4. Application of Windows OS Built-in Networks Diagnostic Tools Laboratory work 4 Application of Windows OS Built-in Networks Diagnostic Tools Objectives Get acquainted with Windows OS command-line network diagnostic, monitoring and management tools and their application

More information

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline OSI Seven Layer Model & Seminar Outline TCP/IP Fundamentals This seminar will present TCP/IP communications starting from Layer 2 up to Layer 4 (TCP/IP applications cover Layers 5-7) IP Addresses Data

More information

Lecture Computer Networks

Lecture Computer Networks Prof. Dr. H. P. Großmann mit M. Rabel sowie H. Hutschenreiter und T. Nau Sommersemester 2012 Institut für Organisation und Management von Informationssystemen Thomas Nau, kiz Lecture Computer Networks

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

Virtual Address Mapping

Virtual Address Mapping Virtual Address Mapping Ziel ist es, zwischen zwei ZyWALL Routern (ZyWALL 2 Plus ZyWALL P1), welche sich beide im selben Lokalen IP Bereich (192.168.1.1/24) befinden, einen VPN-Tunnel mittels NAT over

More information

Network Traffic Evolution. Prof. Anja Feldmann, Ph.D. Dr. Steve Uhlig

Network Traffic Evolution. Prof. Anja Feldmann, Ph.D. Dr. Steve Uhlig Network Traffic Evolution Prof. Anja Feldmann, Ph.D. Dr. Steve Uhlig 1 Example trace Name port % bytes % packets bytes per packet world-wide-web 80???????????? netnews 119???????????? pop-3 mail 110????????????...

More information

ntop.org nprobe and nbox User s Guide Open Source Software and Hardware NetFlow v5/v9 Probe Version 3.0.1 February 2004

ntop.org nprobe and nbox User s Guide Open Source Software and Hardware NetFlow v5/v9 Probe Version 3.0.1 February 2004 ntop.org nprobe and nbox User s Guide Open Source Software and Hardware NetFlow v5/v9 Probe Version 3.0.1 February 2004 2002-04 Luca Deri 1. Introduction In commercial environments, NetFlow

More information

Packet Monitor in SonicOS 5.8

Packet Monitor in SonicOS 5.8 Packet Monitor in SonicOS 5.8 Document Contents This document contains the following sections: Packet Monitor Overview on page 1 Configuring Packet Monitor on page 5 Using Packet Monitor and Packet Mirror

More information

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur Module 6 Internetworking Lesson 2 Internet Protocol (IP) Specific Instructional Objectives At the end of this lesson, the students will be able to: Explain the relationship between TCP/IP and OSI model

More information

How do I get to www.randomsite.com?

How do I get to www.randomsite.com? Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local

More information

Understanding Layer 2, 3, and 4 Protocols

Understanding Layer 2, 3, and 4 Protocols 2 Understanding Layer 2, 3, and 4 Protocols While many of the concepts well known to traditional Layer 2 and Layer 3 networking still hold true in content switching applications, the area introduces new

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Host Configuration (Linux)

Host Configuration (Linux) : Location Date Host Configuration (Linux) Trainer Name Laboratory Exercise: Host Configuration (Linux) Objectives In this laboratory exercise you will complete the following tasks: Check for IPv6 support

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss13/netlab Equipment for each group: - 1 Server computer (OS: Windows Server 2008

More information

Quick Start Guide UTM 220/320/425/525/625

Quick Start Guide UTM 220/320/425/525/625 Quick Start Guide UTM 220/320/425/525/625 Sophos Access Points Sophos Access Points Before you begin, please confirm that you have a working Internet connection and make sure you have the following items

More information

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various

More information

Packet Sniffing with Wireshark and Tcpdump

Packet Sniffing with Wireshark and Tcpdump Packet Sniffing with Wireshark and Tcpdump Capturing, or sniffing, network traffic is invaluable for network administrators troubleshooting network problems, security engineers investigating network security

More information

best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de

best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de Project Crossbow best Open Systems Day Fall 2006 Unterföhring Marco Kühn best Systeme GmbH kuehn@best.de Agenda IP heute in Solaris 10 Crossbow Ziele Crossbow Virtual Networks Crossbow IP Instances 28.11.06

More information

2. Compressing data to reduce the amount of transmitted data (e.g., to save money).

2. Compressing data to reduce the amount of transmitted data (e.g., to save money). Presentation Layer The presentation layer is concerned with preserving the meaning of information sent across a network. The presentation layer may represent (encode) the data in various ways (e.g., data

More information

Building an Architecture Model 1. 1. Entwerfen Sie mit AxiomSys ein Kontextdiagramm, das folgendermaßen aussieht:

Building an Architecture Model 1. 1. Entwerfen Sie mit AxiomSys ein Kontextdiagramm, das folgendermaßen aussieht: Building an Architecture Model 1 1. Entwerfen Sie mit AxiomSys ein Kontextdiagramm, das folgendermaßen aussieht: Wie Ihnen aus der vergangenen Lehrveranstaltung bekannt ist, bedeuten Sterne neben den Bezeichnungen,

More information

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet

Basic Networking Concepts. 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet Basic Networking Concepts 1. Introduction 2. Protocols 3. Protocol Layers 4. Network Interconnection/Internet 1 1. Introduction -A network can be defined as a group of computers and other devices connected

More information

Search Engines Chapter 2 Architecture. 14.4.2011 Felix Naumann

Search Engines Chapter 2 Architecture. 14.4.2011 Felix Naumann Search Engines Chapter 2 Architecture 14.4.2011 Felix Naumann Overview 2 Basic Building Blocks Indexing Text Acquisition Text Transformation Index Creation Querying User Interaction Ranking Evaluation

More information

1 DNS Packet Structure

1 DNS Packet Structure Fundamentals of Computer Networking Project 1 Primer: DNS Overview CS4700/CS5700 Fall 2009 17 September 2009 The DNS protocol is well-documented online, however, we describe the salient pieces here for

More information

TCP/IP Networking Terms you ll need to understand: Techniques you ll need to master:

TCP/IP Networking Terms you ll need to understand: Techniques you ll need to master: 5 TCP/IP Networking Terms you ll need to understand: Subnet mask Subnetting Classless Interdomain Routing (CIDR) Transmission Control Protocol/Internet Protocol (TCP/IP) Address Resolution Protocol (ARP)

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

Instructor Notes for Lab 3

Instructor Notes for Lab 3 Instructor Notes for Lab 3 Do not distribute instructor notes to students! Lab Preparation: Make sure that enough Ethernet hubs and cables are available in the lab. The following tools will be used in

More information

TCP/IP Network Essentials. Linux System Administration and IP Services

TCP/IP Network Essentials. Linux System Administration and IP Services TCP/IP Network Essentials Linux System Administration and IP Services Layers Complex problems can be solved using the common divide and conquer principle. In this case the internals of the Internet are

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA

USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA CPSC 441 TUTORIAL JANUARY 30, 2012 TA: RUITING ZHOU The content of these slides are taken from CPSC 526 TUTORIAL by Nashd Safa (Extended and partially

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

PktFilter A Win32 service to control the IPv4 filtering driver of Windows 2000/XP/Server 2003 http://sourceforge.net/projects/pktfilter/

PktFilter A Win32 service to control the IPv4 filtering driver of Windows 2000/XP/Server 2003 http://sourceforge.net/projects/pktfilter/ PktFilter A Win32 service to control the IPv4 filtering driver of Windows 2000/XP/Server 2003 http://sourceforge.net/projects/pktfilter/ Jean-Baptiste Marchand Jean-Baptiste.Marchand@hsc.fr Contents 1

More information

QAS DEBUG - User und Computer

QAS DEBUG - User und Computer QAS DEBUG - User und Computer Inhalt Computer Status vastool status Benutzer Login vastool list user vastool nss getpwnam vastool user checkaccess kinit su

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

AppGate Personal Firewall 2.5.0

AppGate Personal Firewall 2.5.0 AppGate Personal Firewall 2.5.0 AppGate Personal Firewall 2.5.0 Copyright 2012 Cryptzone Group AB Table of Contents 1. Introduction... 1 2. Installation... 2 2.1. Client Installation... 2 2.1.1. Requirements...

More information

Objectives of Lecture. Network Architecture. Protocols. Contents

Objectives of Lecture. Network Architecture. Protocols. Contents Objectives of Lecture Network Architecture Show how network architecture can be understood using a layered approach. Introduce the OSI seven layer reference model. Introduce the concepts of internetworking

More information

DNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30)

DNS. Some advanced topics. Karst Koymans. (with Niels Sijm) Informatics Institute University of Amsterdam. (version 2.6, 2013/09/19 10:55:30) DNS Some advanced topics Karst Koymans (with Niels Sijm) Informatics Institute University of Amsterdam (version 2.6, 2013/09/19 10:55:30) Friday, September 13, 2013 Karst Koymans (with Niels Sijm) (UvA)

More information

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces

Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Measurement of the Usage of Several Secure Internet Protocols from Internet Traces Yunfeng Fei, John Jones, Kyriakos Lakkas, Yuhong Zheng Abstract: In recent years many common applications have been modified

More information

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering

Internet Firewall CSIS 3230. Internet Firewall. Spring 2012 CSIS 4222. net13 1. Firewalls. Stateless Packet Filtering Internet Firewall CSIS 3230 A combination of hardware and software that isolates an organization s internal network from the Internet at large Ch 8.8: Packet filtering, firewalls, intrusion detection Ch

More information

cnds@napier Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer)

cnds@napier Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer) Slide 1 Introduction In today s and next week s lecture we will cover two of the most important areas in networking and the Internet: IP and TCP. These cover the network and transport layer of the OSI

More information

Network layer" 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! goals: "

Network layer 1DT066! Distributed Information Systems!! Chapter 4 Network Layer!! goals: 1DT066! Distributed Information Systems!! Chapter 4" Network Layer!! Network layer" goals: "! understand principles behind layer services:" " layer service models" " forwarding versus routing" " how a

More information

Jetzt können Sie den Befehl 'nsradmin' auch für diverse Check-Operationen verwenden!

Jetzt können Sie den Befehl 'nsradmin' auch für diverse Check-Operationen verwenden! NetWorker - Allgemein Tip 642, Seite 1/6 Jetzt können Sie den Befehl 'nsradmin' auch für diverse Check-Operationen verwenden! Seit einiger Zeit (NetWorker 8.2.0?) können Sie mit dem Befehl nsradmin -C

More information

How to protect your home/office network?

How to protect your home/office network? How to protect your home/office network? Using IPTables and Building a Firewall - Background, Motivation and Concepts Adir Abraham adir@vipe.technion.ac.il Do you think that you are alone, connected from

More information

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) Internet Control Message Protocol (ICMP) Relates to Lab 2: A short module on the Internet Control Message Protocol (ICMP). 1 Overview The IP (Internet Protocol) relies on several other protocols to perform

More information

Chapter 11 Network Address Translation

Chapter 11 Network Address Translation Chapter 11 Network Address Translation You can configure an HP routing switch to perform standard Network Address Translation (NAT). NAT enables private IP networks that use nonregistered IP addresses

More information

Firewall Implementation

Firewall Implementation CS425: Computer Networks Firewall Implementation Ankit Kumar Y8088 Akshay Mittal Y8056 Ashish Gupta Y8410 Sayandeep Ghosh Y8465 October 31, 2010 under the guidance of Prof. Dheeraj Sanghi Department of

More information

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar

More information

CSE 127: Computer Security. Network Security. Kirill Levchenko

CSE 127: Computer Security. Network Security. Kirill Levchenko CSE 127: Computer Security Network Security Kirill Levchenko December 4, 2014 Network Security Original TCP/IP design: Trusted network and hosts Hosts and networks administered by mutually trusted parties

More information

Address Resolution Protocol (ARP), Reverse ARP, Internet Protocol (IP)

Address Resolution Protocol (ARP), Reverse ARP, Internet Protocol (IP) Tik-110.350 Computer Networks (3 cr) Spring 2000 Address Resolution Protocol (ARP), Reverse ARP, Internet Protocol (IP) Professor Arto Karila Helsinki University of Technology E-mail: Arto.Karila@hut.fi

More information

Table of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names.

Table of Contents DNS. How to package DNS messages. Wire? DNS on the wire. Some advanced topics. Encoding of domain names. Table of Contents DNS Some advanced topics Karst Koymans Informatics Institute University of Amsterdam (version 154, 2015/09/14 10:44:10) Friday, September 11, 2015 DNS on the wire Encoding of domain names

More information

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets)

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) The diagram below illustrates four routers on the Internet backbone along with two companies that have gateways for their internal

More information

IP - The Internet Protocol

IP - The Internet Protocol Orientation IP - The Internet Protocol IP (Internet Protocol) is a Network Layer Protocol. IP s current version is Version 4 (IPv4). It is specified in RFC 891. TCP UDP Transport Layer ICMP IP IGMP Network

More information

Lecture 15. IP address space managed by Internet Assigned Numbers Authority (IANA)

Lecture 15. IP address space managed by Internet Assigned Numbers Authority (IANA) Lecture 15 IP Address Each host and router on the Internet has an IP address, which consist of a combination of network number and host number. The combination is unique; no two machines have the same

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

Module 1: Reviewing the Suite of TCP/IP Protocols

Module 1: Reviewing the Suite of TCP/IP Protocols Module 1: Reviewing the Suite of TCP/IP Protocols Contents Overview 1 Lesson: Overview of the OSI Model 2 Lesson: Overview of the TCP/IP Protocol Suite 7 Lesson: Viewing Frames Using Network Monitor 14

More information

Technical Support Information Belkin internal use only

Technical Support Information Belkin internal use only The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Dial-Up VPN auf eine Juniper

Dial-Up VPN auf eine Juniper Dial-Up VPN auf eine Juniper Gateway Konfiguration Phase 1 Konfiguration Create a user that is used to define the phase1 id parameters. Navigate to the following screen using the tree pane on the left

More information

15-441 Project 3, Fall 2001 Stateful Functionality in IP Layer Out: Thursday, November 1, 2001 Due: Tuesday, December 4, 2001

15-441 Project 3, Fall 2001 Stateful Functionality in IP Layer Out: Thursday, November 1, 2001 Due: Tuesday, December 4, 2001 15-441 Project 3, Fall 2001 Stateful Functionality in IP Layer Out: Thursday, November 1, 2001 Due: Tuesday, December 4, 2001 1. Introduction In Project 2 we asked you to implement the IP layer of the

More information

TCP/IP and the Internet

TCP/IP and the Internet TCP/IP and the Internet Computer networking today is becoming more and more entwined with the internet. By far the most popular protocol set in use is TCP/IP (Transmission Control Protocol/Internet Protocol).

More information

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved. Presentation_ID 2001, Cisco Systems, Inc. All rights reserved. 1 IPv6 Security Considerations Patrick Grossetete pgrosset@cisco.com Dennis Vogel dvogel@cisco.com 2 Agenda Native security in IPv6 IPv6 challenges

More information

NETWORK ADMINISTRATION

NETWORK ADMINISTRATION NETWORK ADMINISTRATION INTRODUCTION The PressureMAP software provides users who have access to an Ethernet network supporting TCP/IP with the ability to remotely log into the MAP System via a network connection,

More information

Chapter 3: Review of Important Networking Concepts. Magda El Zarki Dept. of CS UC Irvine elzarki@uci.edu http://www.ics.uci.

Chapter 3: Review of Important Networking Concepts. Magda El Zarki Dept. of CS UC Irvine elzarki@uci.edu http://www.ics.uci. Chapter 3: Review of Important Networking Concepts Magda El Zarki Dept. of CS UC Irvine elzarki@uci.edu http://www.ics.uci.edu/~magda 1 Networking Concepts Protocol Architecture Protocol Layers Encapsulation

More information

IP Addressing Introductory material.

IP Addressing Introductory material. IP Addressing Introductory material. A module devoted to IP addresses. Addresses & Names Hardware (Layer 2) Lowest level Ethernet (MAC), Serial point-to-point,.. Network (Layer 3) IP IPX, SNA, others Transport

More information

Internet Working 5 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004

Internet Working 5 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004 5 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2004 1 43 Last lecture Lecture room hopefully all got the message lecture on tuesday and thursday same

1000 CCNA Certification Exam Preparation Questions and Answers: One Thousand Practice Questions for Passing the CCNA Exams - Pass On Your First Try. Copyright 2009. Notice of rights: All rights reserved.

Linux Routers and Community Networks. Summer Course at Mekelle Institute of Technology, July 2015. Llorenç Cerdà-Alabern, http://personals.ac.upc.edu/llorenc, llorenc@ac.upc.edu, Universitat Politècnica de

Internet Protocol. Raj Jain, Washington University in St. Louis, Saint Louis, MO 63131, Jain@cse.wustl.edu. These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ Overview: Internetworking

TCP Performance Management for Dummies. Nalini Elkins, Inside Products, Inc. Monday, August 8, 2011, Session Number 9285. Our SHARE Sessions, Orlando: 9285: TCP/IP Performance Management for Dummies, Monday,

Teldat Router: DNS Client. Doc. DM723-I, Rev. 10.00, March, 2003. Index: Chapter 1, Domain Name System: 1. Introduction; 2. Resolution of domains; 2.1. Domain names resolver functionality; 2.2. Functionality

IP Addressing: A Simplified Tutorial. Application Note, July 2002, COMPAS ID 92962, Avaya Labs. All information in this document is subject to change without notice. Although the information is believed to

Hands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp. What is this about? Prerequisite: network packet & packet analyzer: (header, data). Enveloped letters inside another envelope. Exercises: Basic
